rundll.exe (prob fake?) is infected by worm.vb.fi

[Tensai]

Hello, before I post the HJT log, I think I should describe the problem (as much as I know about it anyway)...

Yesterday I opened my photocamera for the first time since I took it to china (let some shop have the mem card to get pics), suddenly it showed a write error. I connected the camera with the usb to the comp and after scanning the card with AVG, this rundll.exe file was a worm.VB.fi trojan... however AVG could not delete or quarantine it...

Not having double clicked this rundll.exe file, I thought my comp would have no problems because of it, since it's just on the mem card. However, afterwards I could no longer get into my drives/partitions on my computer by doubleclicking... it would give me a ''rundll.exe has encountered a problem and needs to close'' error and when I rightclick on the drives, I see ''??(o)'' at the rightclick options where it should say ''open'' and ''?????(x)'' for ''explore''. I can still enter my drives by inputting the drive locations in the address bar though.

Also my computer would suddenly not respond/lag during specific actions (like when I first try to open firefox after reboot, need to doubleclick it 2-3 times before it opens... otherwise it just does not respond... windows loads everything slow as hell as well after reboot). Sometimes I get this error message with unreadable symbols.

After scanning with AVG and Malwarebytes, they found the threats: rundll.exe is now also on my C: and going by the date it was created at the same time I connected my pc to the mem card last night! Also a few other extra threats (explorer.exe seems also infected) that are probably connected with it since I just scanned a few days before and had no threats. Trojanremover/malwarebytes/avg can not remove most of these threats though and I am not sure whether I should rempve rundll.exe manually or whether that would help since there are other problems now as well.
Hopefully someone on here can help me - my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43:48, on 29/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\problemen.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [Rundll] C:\WINDOWS\system32\rundll.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: PowerWord 2002.lnk = C:\Program my\Kingsoft\XDict\XDICT.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f97d314b4a8411d1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7171 bytes

 

[katana]

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

1. Please Read All Instructions Carefully
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you
4. Please continue to respond until I give you the "All Clear"
   (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT

• Please download Random's System Information Tool by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  • log.txt will be opened maximized.
  • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.

 

[Tensai]

Thanks for your reply and yes it seems far more busy than when I first came here!

I won't run any scans now that you're helping me, but I did run a scan with malwarebytes again after I posted, since I had to try SOMETHING (with little success... but when I let my computer idle and suddenly come back to see that there is a 'data execution prevention' message from windows telling me windows has to do something because of security reasons... looks very suspicious).

Here are the logs, they're from the past month as set by default on rsi:

log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-04 13:53:30
Microsoft Windows XP Professional Service Pack 2
System drive C: has 717 MB (2%) free of 35 GB
Total RAM: 510 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:40, on 04/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program my\BitComet\BitComet.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Thunder Network\Thunder\Components\InMedia\ThunderMinisite.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: PowerWord 2002.lnk = C:\Program my\Kingsoft\XDict\XDICT.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f97d314b4a8411d1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7151 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}]
ThunderAtOnce Class - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [2008-06-13 177616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}]
Thunder Browser Helper - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [2008-06-13 198096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-12-10 180269]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104]
"Thunder"=C:\Program Files\Thunder Network\Thunder\Thunder.exe [2008-08-12 45056]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
PowerWord 2002.lnk - C:\Program my\Kingsoft\XDict\XDICT.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-07-07 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoToolbarCustomize"=0
"NoBandCustomize"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoToolbarCustomize"=
"NoBandCustomize"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program my\BitComet\BitComet.exe"="C:\Program my\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\games\Call of Duty\CoDMP.exe"="C:\games\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE"="C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE:*:Enabled:Kingsoft PowerWord 2005"
"C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Enabled:abc"
"C:\PROGRA~1\pcast\PODCAS~1\PODCAS~1.EXE"="C:\PROGRA~1\pcast\PODCAS~1\PODCAS~1.EXE:*:Enabled:Share Streaming"
"C:\Program Files\PPLive\PPlive.exe"="C:\Program Files\PPLive\PPlive.exe:*:EnabledPLive"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe"="C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:*:Enabled:Thunder"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\rundll.exe
shell\explore\command - C:\rundll.exe
shell\open\command - C:\rundll.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\rundll.exe
shell\explore\command - D:\rundll.exe
shell\open\command - D:\rundll.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e6aee2-778d-11dc-ad17-0011112d53e7}]
shell\AutoRun\command - G:\rundll.exe
shell\explore\command - G:\rundll.exe
shell\open\command - G:\rundll.exe


======File associations======

.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-04 13:53:30 ----D---- C:\rsit
2008-11-29 11:01:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-11-29 11:01:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-11-29 11:01:26 ----D---- C:\Program Files\Spyware Terminator
2008-11-29 09:40:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-29 09:39:18 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2008-11-29 09:39:18 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2008-11-29 09:39:18 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2008-11-29 09:39:18 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2008-11-29 09:39:18 ----A---- C:\WINDOWS\system32\unacev2.dll
2008-11-29 09:39:16 ----D---- C:\Program Files\Trojan Remover
2008-11-29 09:39:16 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-11-29 09:39:16 ----D---- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2008-11-28 23:13:48 ----ASH---- C:\WINDOWS\system32\ul.dll
2008-11-28 23:13:48 ----ASH---- C:\WINDOWS\system32\og.dll
2008-11-28 23:13:47 ----A---- C:\WINDOWS\system32\XP-3EC8D8CF.EXE.vir
2008-11-28 23:12:24 ----SH---- C:\rundll.exe
2008-11-23 17:10:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-13 03:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-04 00:50:06 ----SHD---- C:\WINDOWS\Installer
2008-12-04 00:49:12 ----D---- C:\Program Files
2008-12-03 22:54:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-03 22:54:21 ----HD---- C:\Program Files\Windows Media Player
2008-12-03 22:54:13 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-03 21:04:21 ----D---- C:\Program Files\SopCast
2008-12-03 18:22:45 ----D---- C:\Program Files\Mozilla Firefox
2008-12-03 18:03:08 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 18:03:08 ----D---- C:\WINDOWS\system32
2008-11-29 12:30:29 ----HD---- C:\WINDOWS
2008-11-29 10:02:33 ----D---- C:\WINDOWS\Temp
2008-11-29 04:24:53 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-11-27 11:43:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 14:35:29 ----HD---- C:\WINDOWS\inf
2008-11-25 00:06:11 ----HD---- C:\WINDOWS\Help
2008-11-23 15:34:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-11-23 15:34:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-23 13:30:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-15 01:58:59 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-15 01:58:59 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-13 03:02:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:02:15 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 03:00:49 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-05 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 RT73;Sitecom RT73 Wireless Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-01-15 459520]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2007-07-27 70001]
S3 SE26bus;Sony Ericsson Device 038 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE26bus.sys [2006-05-01 61600]
S3 SE26mdfl;Sony Ericsson Device 038 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys [2006-05-01 9360]
S3 SE26mdm;Sony Ericsson Device 038 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE26mdm.sys [2006-05-01 97184]
S3 SE26mgmt;Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys [2006-05-01 88688]
S3 SE26obex;Sony Ericsson Device 038 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE26obex.sys [2006-05-01 86560]
S3 se26unic;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM); C:\WINDOWS\system32\DRIVERS\se26unic.sys [2006-05-01 90768]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-07-07 312880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-11-29 539136]
R2 spkrmon;spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [2003-08-28 61440]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

-----------------EOF-----------------


Info.txt:

info.txt logfile of random's system information tool 1.04 2008-12-04 13:53:46

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Reader Chinese Traditional Fonts-->MsiExec.exe /I{AC76BA86-7AD7-2448-5A64-7E8A45000001}
Amadis Video Converter Suite V3.5.3-->"C:\Program Files\Amadis Software\Amadis Video Converter Suite\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Camera Suite 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BitComet 0.70-->C:\Program my\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Call of Duty-->C:\games\CALLOF~1\Uninstall\Unwise.exe /u C:\games\CALLOF~1\Uninstall\Install.log
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Cucusoft Ultimate DVD + Video Converter Suite 7.7.7.6-->"C:\Program Files\Cucusoft\Ultimate-Converter\unins000.exe"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ffdshow [rev 1335] [2007-07-06]-->"C:\Program Files\Matroska Pack\ffdshow\unins000.exe"
greedland (remove only)-->C:\Program Files\greedland\register\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IndeoLigos\Indeo\Uninst.isu" -c"C:\Program Files\IndeoLigos\Indeo\Indeo System Files\indounin.dll"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
KuGoo¿á¹·-->C:\PROGRA~1\KuGoo2\UNWISE.EXE C:\PROGRA~1\KuGoo2\INSTALL.LOG
LiveUpdate 2.0 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matroska Pack (remove only)-->C:\Program Files\Matroska Pack\Uninstall.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Monkey Audio Source Filter (remove only)-->"C:\Program Files\Monkey Audio Source Filter\uninstall.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
ѸÀ×5-->"C:\Program Files\Thunder Network\Thunder\unins000.exe"
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
Penguin MSN Skin-->C:\Program Files\MSN Messenger\UninstPenguinMSN.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerWord 2002 Share-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31AF29E0-F254-440B-9EB0-0A7AE5A73B51}\setup.exe"
Powerword 2005-->MsiExec.exe /I{5071F84A-FF33-4D2D-BD96-FCF45A201FF4}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
ryu-ga-gotoku2007?????????-->C:\WINDOWS\ryu-ga-gotoku2007.scr /u
Samsung Music Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EC4CE9D-EAEE-4DA1-AB8D-9E6B7FED6742}\Setup.exe" -l0x9
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Trojan Remover 6.7.4-->"C:\Program Files\Trojan Remover\unins000.exe"
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.5.3-->C:\Program Files\TVUPlayer\uninst.exe
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.6.2-->"C:\Program my\VideoLAN\VLC\uninstall.exe"
VideoLAN VLC media player 0.8.6a-->C:\Program my\VideoLAN\VLC\uninstall.exe
Videora iPod touch Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
WinAce Archiver-->C:\Program my\WinAce\SXUNINST.EXE C:\Program my\WinAce\SXUNINST.INI
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Essentials Media Codec Pack 1.0-->C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - HKLM\..\Run: [lphcr6dj0er99] C:\WINDOWS\system32\lphcr6dj0er99.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem ;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

 

[katana]

Information

REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTornado
BitComet
ABC
uTorrent
KuGoo¿á¹·
Any Other P2P Program

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

I will be removing all related folders in the cleaning process.

----------------------------------------------------------- -----------------------------------------------------------
Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.
----------------------------------------------------------- -----------------------------------------------------------

Step 1

Flash Disinfector by sUBs
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

• Double-click Flash_Disinfector.exe to run it.
• Follow any prompts that may appear.
• Wait until the program has finished scanning, then please exit the program.
  The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.
  

Please restart your computer.

----------------------------------------------------------- -----------------------------------------------------------
Step 2

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

----------------------------------------------------------- -----------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

• Combofix Log
• How are things running now ?

----------------------------------------------------------- -----------------------------------------------------------

Additional Notes

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 2.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

• Please go to this link Adobe Acrobat Reader Download Link
• Click Download
• On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
• Click the Continue button
• Click Run, and click Run again
• Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

 

[Tensai]

Information

REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTornado
BitComet
ABC
uTorrent
KuGoo¿á¹·
Any Other P2P Program

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

I will be removing all related folders in the cleaning process.

ABC and Bittornado I downloaded and installed like years ago and uninstalled them also years ago... I don't see these programs showing in add/remove programs or in C: ... Must be some old traces??

I uninstalled utorrent, kugoo and bitcomet using your method... however, while bitcomet's uninstall was successful and I don't see its folder in program files or in add/remove programs anymore, I can somehow still open it using its shortcut? What to do now.

 

[katana]

Don't worry, continue with Flash Disinfector and Combofix.
I will remove the leftovers next.

 

[Tensai]

Alright, btw, should I connect my photocamera (with its memory card -> the culprit of the problems.. and it seems just connecting it will cause the problems to go to the comp, since I never touched the files on in the first place) to the computer when using flash disinfector or?

 

[katana]

should I connect my photocamera

Yes please

 

[Tensai]

Hey, sorry for the delay.

----------------------------------------------------------- -----------------------------------------------------------
Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.
----------------------------------------------------------- -----------------------------------------------------------

Step 1

Flash Disinfector by sUBs
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

• Double-click Flash_Disinfector.exe to run it.
• Follow any prompts that may appear.
• Wait until the program has finished scanning, then please exit the program.
  The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.
  

Please restart your computer.

Ran the program with my camera and the culprit files on my memory card. I noticed that I can now enter my partitions/drives by doubleclicking them and the options ''explore'' and ''open'' are back again when I rightclick on the partitions on ''my computer''.
However, the files are still there (on the card as well as on my computer), I scanned it with AVG and that fake rundll.exe on my card and my computer is still there and infected with that worm.

Step 2

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

I tried to run combofix.exe from my desktop, but it won't load the dos window... after doubleclicking a little bar with combofix on it shows (giving the impression it's loading, but the white bar isn't filling up to show it's opening or doing something) and the mouse arrow is flickering every now and then... I waited about 10 minutes, nothing.

 

[katana]

Please delete Combofix.exe and download a fresh copy.

Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

 

[Tensai]

I'm posting from another computer: my infected computer is still trying to run combofix following your instructions, but it's showing the same problems starting up as described in my previous post...

 

[katana]

If it still isn't running, please post a fresh RSIT log

 

[Tensai]

(I just checked in my folders and DO have a combofix.exe I downloaded+ran a year or so ago when that was requested on here by your fellow helper. I tried doubleclicking it and it does immediately give me that dos window, so it should run. Shall I use this one then?)

Ran RSIT, there is no info.txt this time. The log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-07 23:45:03
Microsoft Windows XP Professional Service Pack 2
System drive C: has 731 MB (2%) free of 35 GB
Total RAM: 510 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45, on 08-12-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: PowerWord 2002.lnk = C:\Program my\Kingsoft\XDict\XDICT.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f97d314b4a8411d1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6888 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}]
ThunderAtOnce Class - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [2008-06-13 177616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}]
Thunder Browser Helper - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [2008-06-13 198096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-12-10 180269]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104]
"Thunder"=C:\Program Files\Thunder Network\Thunder\Thunder.exe [2008-08-12 45056]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
PowerWord 2002.lnk - C:\Program my\Kingsoft\XDict\XDICT.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-07-07 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoToolbarCustomize"=0
"NoBandCustomize"=0
"NoDriveAutoRun"=FFFFFFFF
"NoDriveTypeAutoRun"=36

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoToolbarCustomize"=
"NoBandCustomize"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program my\BitComet\BitComet.exe"="C:\Program my\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\games\Call of Duty\CoDMP.exe"="C:\games\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE"="C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE:*:Enabled:Kingsoft PowerWord 2005"
"C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Enabled:abc"
"C:\PROGRA~1\pcast\PODCAS~1\PODCAS~1.EXE"="C:\PROGRA~1\pcast\PODCAS~1\PODCAS~1.EXE:*:Enabled:Share Streaming"
"C:\Program Files\PPLive\PPlive.exe"="C:\Program Files\PPLive\PPlive.exe:*:EnabledPLive"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe"="C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:*:Enabled:Thunder"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\rundll.exe
shell\explore\command - C:\rundll.exe
shell\open\command - C:\rundll.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\rundll.exe
shell\explore\command - D:\rundll.exe
shell\open\command - D:\rundll.exe


======File associations======

.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-07 23:43:24 ----D---- C:\sUBs
2008-12-04 13:53:30 ----D---- C:\rsit
2008-11-29 11:01:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-11-29 11:01:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-11-29 11:01:26 ----D---- C:\Program Files\Spyware Terminator
2008-11-29 09:40:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-29 09:39:18 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2008-11-29 09:39:18 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2008-11-29 09:39:18 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2008-11-29 09:39:18 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2008-11-29 09:39:18 ----A---- C:\WINDOWS\system32\unacev2.dll
2008-11-29 09:39:16 ----D---- C:\Program Files\Trojan Remover
2008-11-29 09:39:16 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-11-29 09:39:16 ----D---- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2008-11-28 23:13:48 ----ASH---- C:\WINDOWS\system32\ul.dll
2008-11-28 23:13:48 ----ASH---- C:\WINDOWS\system32\og.dll
2008-11-28 23:13:47 ----A---- C:\WINDOWS\system32\XP-3EC8D8CF.EXE.vir
2008-11-28 23:12:24 ----SH---- C:\rundll.exe
2008-11-23 17:10:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-13 03:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-07 23:44:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 23:15:03 ----D---- C:\Program Files
2008-12-07 11:46:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-07 11:46:22 ----HD---- C:\Program Files\Windows Media Player
2008-12-07 01:12:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 17:50:04 ----D---- C:\WINDOWS\Temp
2008-12-04 00:50:06 ----SHD---- C:\WINDOWS\Installer
2008-12-03 21:04:21 ----D---- C:\Program Files\SopCast
2008-12-03 18:03:08 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 18:03:08 ----D---- C:\WINDOWS\system32
2008-11-29 12:30:29 ----HD---- C:\WINDOWS
2008-11-29 04:24:53 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-11-27 11:43:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 14:35:29 ----HD---- C:\WINDOWS\inf
2008-11-25 00:06:11 ----HD---- C:\WINDOWS\Help
2008-11-23 15:34:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-11-23 15:34:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-23 13:30:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-15 01:58:59 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-15 01:58:59 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-13 03:02:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:02:15 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 03:00:49 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-05 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 RT73;Sitecom RT73 Wireless Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-01-15 459520]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2007-07-27 70001]
S3 SE26bus;Sony Ericsson Device 038 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE26bus.sys [2006-05-01 61600]
S3 SE26mdfl;Sony Ericsson Device 038 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys [2006-05-01 9360]
S3 SE26mdm;Sony Ericsson Device 038 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE26mdm.sys [2006-05-01 97184]
S3 SE26mgmt;Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys [2006-05-01 88688]
S3 SE26obex;Sony Ericsson Device 038 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE26obex.sys [2006-05-01 86560]
S3 se26unic;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM); C:\WINDOWS\system32\DRIVERS\se26unic.sys [2006-05-01 90768]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-07-07 312880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-11-29 539136]
R2 spkrmon;spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [2003-08-28 61440]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

Not sure if it could help or is the reason, but I noticed a new thing happening a few days ago, this desktop.ini file automatically opens whenever I reboot and it's in the favorites of explorer. Its text:


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

 

[katana]

(I just checked in my folders and DO have a combofix.exe I downloaded+ran a year or so ago when that was requested on here by your fellow helper. I tried doubleclicking it and it does immediately give me that dos window, so it should run. Shall I use this one then?)

Under no circumstances must you use that old version of Combofix.
You should delete it immediately.



OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop

• Double-click OTMoveIt3.exe to run it.
• Copy the lines in the codebox below. ( Make sure you include :Reg )

:Processes
:Services
:Reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTornado\btdownloadgui.exe"=-
"C:\Program my\BitComet\BitComet.exe"=-
"C:\Program Files\ABC\abc.exe"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

:Files
C:\WINDOWS\system32\ul.dll
C:\WINDOWS\system32\og.dll
C:\WINDOWS\system32\XP-3EC8D8CF.EXE.vir
C:\rundll.exe
D:\rundll.exe
:Commands
[Purity]
[EmptyTemp]

• Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please reboot and try running the newest combofix

 

[Tensai]

Ran OTmoveIT3:

========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitTornado\btdownloadgui.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program my\BitComet\BitComet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\ABC\abc.exe deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\\ deleted successfully.
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\ul.dll
C:\WINDOWS\system32\ul.dll NOT unregistered.
C:\WINDOWS\system32\ul.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\og.dll
C:\WINDOWS\system32\og.dll NOT unregistered.
C:\WINDOWS\system32\og.dll moved successfully.
C:\WINDOWS\system32\XP-3EC8D8CF.EXE.vir moved successfully.
C:\rundll.exe moved successfully.
D:\rundll.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_gyJVUa4fCc3FKD1TKHDM scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VGod.DLL scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q38jz7xc.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q38jz7xc.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q38jz7xc.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q38jz7xc.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q38jz7xc.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q38jz7xc.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12082008_130400

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_gyJVUa4fCc3FKD1TKHDM not found!
DllUnregisterServer procedure not found in C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VGod.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VGod.DLL NOT unregistered.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VGod.DLL moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q38jz7xc.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q38jz7xc.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q38jz7xc.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q38jz7xc.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q38jz7xc.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\q38jz7xc.default\XUL.mfl moved successfully.


-------------------

Had two error messages saying:

The app or DLL C:\WINDOWS\system32\ul.dll and C:\WINDOWS\system32\og.dll are no valid windows images.

 

[Tensai]

Oh and still had the same problem running combofix.

 

[katana]

Let's see if an online scan will show us what the problem is

Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan << LINK

• Click the Scan Now button
• Follow the prompts to install the Active X if necessary
• Go and make a cup of tea/coffee/beverage of your choice and watch some TV
• When the scan is finished, a report will be generated
• Next to Scan Details click the small export to notepad button and save the report to your desktop.
• Please post the report in your reply.

 

[Tensai]

C&P'ing it on here makes it look messed up, but I also couldn't upload it in one file as it exceeded the limit for txts on here. I made two parts of it, first one attached in this post, second one in the post after.

 

[Tensai]

Second part.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-09 19:56:22
PROTECTIONS: 0
MALWARE: 11
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\IJL11.DLL
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Program my\VideoLAN\VLC\vlc.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Program my\Kingsoft\XDict\XDICT.EXE
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\checkfw.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq234.tmp\PCloser.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq234.tmp\System.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Spyware\lsse.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\avpproxy.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\DFFPI.DLL
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fm4av.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fpinor.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbl.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbld.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\FSHKE.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\FSLFPI.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssubmit.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\lsse.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ywiseext.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_uninstop.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\fsauc.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\pcast.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\pCastCtl.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\webscan.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{5071F84A-FF33-4D2D-BD96-FCF45A201FF4}\kssetting.exe_8BCAA7D371F34097857E7B78CBAEF505.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{5071F84A-FF33-4D2D-BD96-FCF45A201FF4}\NewShortcut13_5071F84AFF334D2DBD96FCF45A201FF4_1.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{5071F84A-FF33-4D2D-BD96-FCF45A201FF4}\NewShortcut4_5071F84AFF334D2DBD96FCF45A201FF4.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{5071F84A-FF33-4D2D-BD96-FCF45A201FF4}\NewShortcut6_5071F84AFF334D2DBD96FCF45A201FF4.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{5071F84A-FF33-4D2D-BD96-FCF45A201FF4}\XDict.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{5071F84A-FF33-4D2D-BD96-FCF45A201FF4}\XDict1.exe_8BCAA7D371F34097857E7B78CBAEF505.EXE
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Real\Update\setup\data\inst_config\compat.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Program my\BitComet\BitComet.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\gmer\gmer.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\MP3 cutter\mp3cutter.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\Common\kingsoft\Extract\KSEngine.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\Common\kingsoft\Extract\KSVoice.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\Common\kingsoft\Extract\XDPopWnd.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\Common\kingsoft\KSG\ace.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\Common\kingsoft\KSG\AuxProcess.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\Common\kingsoft\KSG\bootupdate.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\Common\kingsoft\KSG\client.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\Common\Microsoft Shared\Speech\SAPI.DLL
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\Common\SpeechEngines\Microsoft\spcommon.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\Common\SpeechEngines\Microsoft\TTS\1033\SPTTSENG.DLL
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Program Files\TVAnts\UNWISE.EXE
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\Cjktl32.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\Cjktl95.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\DBCore10.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\DicMngr.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\doshow.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\RemoveVideoActiveXObject.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\ITextOut.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\ITTSEngine.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\KPic10.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\KSSetting.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\NEWWORD.DLL
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\NewWord.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\NormGrab.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\RegDict.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\ScrollWord.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\toTTSEngine50.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\XdictGrb.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\XFavHist.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\program files\Kingsoft\PowerWord 2005\XFILE.DLL
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\setup.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System\msxml4.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System\msxml4a.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System\msxml4r.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System32\Decdnet.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System32\Pncrt.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System32\Pnen3230.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System32\Pnui3230.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System32\Ra3214_4.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System32\Ra3228_8.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System32\Ra32dnet.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System32\Redist\MS\System\msvcp60.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System32\Redist\MS\System\msvcrt.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System32\SHFOLDER.DLL
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System32\VOCTL32.DLL
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\System32\WMV9VCM.dll
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\shortcuts\i_view32.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\Software\iview397.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\Software\mirc616.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\Software\Xilisoft.Complet-Pack.All.Video.Audio.Converters.Incl.Keygen-Lz0-EiTheL_ALLTEAM\Xilisoft.iPod.Video.Converter.v3.1.7.0616b.Keygen.Only-Lz0\Linezer0\keygen.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\Software\Xilisoft.Complet-Pack.All.Video.Audio.Converters.Incl.Keygen-Lz0-EiTheL_ALLTEAM\Xilisoft.RM.Converter.v3.1.7.0616b.Keygen.Only-Lz0\lz0nem01\keygen.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
00040405 W32/Bacalid.A Virus No 0 Yes No C:\Program Files\TVAnts\Tvants.exe
00047257 vbs/psyme.gen Virus/Trojan No 0 Yes No c:\program files\windows media player\wmplayer.exe.tmp
00186187 adware/dudu Adware No 0 Yes No hkey_current_user\software\dudu
00217459 adware/dollarrevenue Adware No 1 Yes No c:\windows\keyboard1.dat
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Administrator\Desktop\Flash_Disinfector.exe[C:\Documents and Settings\Administrator\Desktop\Flash_Disinfector.exe][nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\sUBs\TSF\nircmd.exe
00520578 Trj/Lineage.DDZ Virus/Trojan No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temp\VGod.DLL
00520578 Trj/Lineage.DDZ Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\12082008_130400\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VGod.DLL
00520578 Trj/Lineage.DDZ Virus/Trojan No 0 Yes No C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VGod.DLL
01471929 W32/Patchlog.L Virus No 0 Yes No C:\_OTMoveIt\MovedFiles\12082008_130400\rundll.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\shell.fne
03487350 Adware/AccesMembre Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\12082008_130400\WINDOWS\system32\XP-3EC8D8CF.EXE.vir
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Administrator\Desktop\SDFix.exe[C:\Documents and Settings\Administrator\Desktop\SDFix.exe][SDFix\apps\Cghtme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\apps\Cghtme.exe
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Administrator\Desktop\SDFix.exe[C:\Documents and Settings\Administrator\Desktop\SDFix.exe][SDFix\catchme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe
04128671 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Low Gong\powerword2005\Powerword 2005.msi[unk_0034]
04128671 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\Installer\835db16.msi[unk_0049]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Documents and Settings\Administrator\Desktop\Low Gong\Software\Football\TvantsSetup.EXE
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;======================================

 

[katana]

You are heavily infected with a very old file infector,
I saw Symantec in a previous log, and assumed that you had it installed as your AntiVirus.
Looking back over your logs, I can't see any sign of an active antivirus, and that is what has caused your problems.

Let's see if we can save your machine.

1. Download Dr. Web CureIt and save it to your desktop.
2. Double click on cureit.exe to run it.
3. Click on Start to start the scan.
4. Dr Web CureIt will prompt you. Click OK.
5. This will start an express scan. It shouldn't take too long.
6. When done, click on Options > Change settings.
7. Select the Scan tab. Uncheck (untick) Heuristics analysis box.
8. Select the Log file tab. Uncheck (untick) Maximum log file size box.
9. Click OK to apply the settings.
10. Select the Complete scan radio button, then click on the green triangle button on the right hand side.
11. It will start scanning. Please be patient as this scan can be long.
12. During the scan, if it finds any infected items, it will prompt you. Click Yes to all to cure the files.
13. Click on File > Save report list. Save this report to a convenient location.